administrator interface for authorization subsystem
authsh is the screen interface invoked by the
Accounts selection to administer the authorization subsystem. It is a
full screen menu-driven interface that provides the functions necessary
to control the generation and maintenance of user and system passwords,
the terminal database configuration, terminal and account locking,
and the generation of administrator reports on system activity.
The functions supported by the main level menu are:
This category of screen interfaces is provided for the setup and maintenance
of user accounts and user account passwords. The
screens are used to add, update, display, and delete user accounts from the
system. Also, modifications to user account passwords or modifications to the
various criteria controlling the generation of account passwords are
accomplished using this menu option.
These options are provided for the maintenance of system-wide parameters
like default privileges, password expiration, password lifetime, single-user
password requirement, restrictive password generation, and the delay time
between login attempts. These parameters apply on a global system basis
rather than a user account basis.
The terminal database interface screens are used for the maintenance of the
database entries to support the addition, deletion, and update of terminal
information. Additionally, this category includes the necessary screens for
setting and clearing locks on specific terminals.
This category provides the administrator with a method of generating various
reports on system activity. Report types include password database, terminal
database, and login activity reports.
This option provides the administrator with a consistency check on
databases (protected password, terminal control database, and subsystem
database) and the password file (/etc/passwd).
The password check returns system account warning messages.
This option is not normally used.
The field values of /etc/default/authsh are:
Name of default login group. Must exist in /etc/group.
List of groups the user is to be a member of. Each group listed
must exist in /etc/group. The LOGIN_GROUP
does not need to be included in this list. The groups in the list may be
separated by commas (,) or spaces.
Name of default login shell, either the name of a shell defined in
/usr/lib/mkuser, or the full pathname of an executable file.
Note that the empty name is legal but is not equivalent to either
sh or /bin/sh.
Default absolute pathname of parent directory of user's home directory.
The home directory itself has the same name as the user. This
parent directory must be r/w/x by group auth.
Default permissions for the user's home directory. Note that both
HOME_DIR and HOME_MODE default settings can be
overridden on a shell-specific and/or path-specific basis.
Default type of user:
Individual -- individual's personal account, used by one person, and one person only.
Security Officer -- various classifications of accounts potentially used by more than one individual.
Pseudo-user -- anonymous account never directly used by a user.
All user types except Individual must have an associated account which
is allowed to
to the user.
MIN_ADMIN_UID to MAX_ADMIN_UID, inclusive:
UID values the administrator may choose.
MIN_SUGGEST_UID to MAX_SUGGEST_UID, inclusive:
UID values the system may suggest.
Note that UIDs less than 200 are reserved and should not be used.
Similar to UID ranges.
Note that GIDs less than 100 are reserved
and should not be used.
Minimum length of an acceptable user name (default: 3 characters).
Maximum acceptable length of a user name (maximum of 8 characters).
Minimum length for a group name (default: 3 characters).
Maximum length for a group name (default: 8 characters).
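The limits described above (user names of 3 to 8 characters, UIDs below 200 and GIDs below 100 reserved, login group present in the group file) can be checked against existing account files. The script below is an added example, not part of authsh or of the vendor's tools; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of authsh): audit passwd-format and group-format
# files against the limits this page documents.
# Assumption: the page's default limits are in force on the audited system.
MIN_NAME=3; MAX_NAME=8        # user name length limits
RESERVED_UID=200              # UIDs below this are reserved
RESERVED_GID=100              # GIDs below this are reserved

# audit_accounts PASSWD_FILE GROUP_FILE
# Prints one finding per line as "name: finding"; prints nothing when clean.
audit_accounts() {
    awk -F: -v minn="$MIN_NAME" -v maxn="$MAX_NAME" \
        -v ruid="$RESERVED_UID" -v rgid="$RESERVED_GID" '
        # First file (group database): remember every GID that is defined.
        FNR == NR { gids[$3] = 1; next }
        # Second file (passwd entries): skip comments and malformed lines.
        /^#/ || NF < 7 { next }
        {
            n = length($1)
            if (n < minn || n > maxn)
                print $1 ": name length " n " outside " minn "-" maxn
            if ($3 + 0 < ruid)
                print $1 ": UID " $3 " is in the reserved range (below " ruid ")"
            if ($4 + 0 < rgid)
                print $1 ": GID " $4 " is in the reserved range (below " rgid ")"
            if (!($4 in gids))
                print $1 ": login GID " $4 " has no entry in the group file"
        }' "$2" "$1"
}

# write_samples DIR: constructed sample data, not taken from a real system.
write_samples() {
    cat > "$1/passwd" <<'EOF'
alice:x:201:100:clean entry:/usr/alice:/bin/sh
al:x:250:100:name too short:/usr/al:/bin/sh
operator9:x:150:50:name too long, reserved ids:/usr/operator9:/bin/sh
carol:x:300:777:login group missing:/usr/carol:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
users::100:
staff::50:
EOF
}

# Run the audit over the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp" &&
    audit_accounts "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

Accounts shipped with the system may legitimately occupy the reserved ranges; the reserved-range findings are meant for reviewing accounts an administrator created.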
is not recommended; use the
``Maintaining system security'' in the System Administration Guide
authsh is not part of any currently supported standard; it is
an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003